350-401 · Question #530
An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?
The correct answer is D. username netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuV. Password Authentication Strength on Cisco Routers Option D is correct because secret type 9 uses the scrypt hashing algorithm, which is currently the strongest password encryption available on Cisco IOS routers - it is computationally expensive to crack and represents Cisco's mos
Question
Options
- Ausername netadmin secret 5 $1$b1JUSkZbBS1Pyh4OzwXyZ1kSZ2
- Busername netadmin secret $15b1JuSk404850110QzwXyZ1k SZ2
- Cline Console 0
- Dusername netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuV
How the community answered
(23 responses)- A4% (1)
- B4% (1)
- C13% (3)
- D78% (18)
Explanation
Password Authentication Strength on Cisco Routers
Option D is correct because secret type 9 uses the scrypt hashing algorithm, which is currently the strongest password encryption available on Cisco IOS routers - it is computationally expensive to crack and represents Cisco's most modern local authentication standard. Option A uses secret type 5 (MD5 hashing), which is significantly weaker and considered outdated due to MD5's known vulnerabilities to brute-force and rainbow table attacks. Option B contains an improperly formatted secret string with no valid type identifier, making it syntactically incorrect and not a valid Cisco configuration. Option C configures console line access but does not define any username or authentication method, making it completely irrelevant to the question.
Memory Tip:
Think "Higher number = stronger security" - Type 5 (MD5) → Type 8 (PBKDF2-SHA256) → Type 9 (scrypt) = strongest. On the exam, always select the highest secret type number available as it reflects the most modern, secure hashing algorithm Cisco supports.
Topics
Community Discussion
No community discussion yet for this question.